Klez-G

Jeff A. Earickson jaearick at COLBY.EDU
Thu May 9 11:52:18 IST 2002


Julian,
   I too would like to see something going back to the remote postmaster.
Since I turned on the "Postmaster Gets Full Mail Headers" option, I can
see the domain that Klez came from, not just the phony "From:".  What
I have been doing (by hand) is looking at the topmost Received line in the
header, e.g.:

 Received: from mx3out.umbc.edu (mx3out.umbc.edu [130.85.253.53])

then bouncing the entire MailScanner message to "postmaster at xxx.yyy",
the last two components of the domain.  In this case, it would go to
postmaster at umbc.edu.  Maybe even postmaster at 130.85.253.53 in a pinch.
This logic could be automated via perl.

** Jeff A. Earickson, Ph.D                         PHONE: 207-872-3659
** Senior UNIX Sysadmin, Information Technology    EMAIL: jaearick at colby.edu
** Colby College, 4214 Mayflower Hill,               FAX: 207-872-3076
** Waterville ME, 04901-8842
----------------------------------------------------------------------------

On Thu, 9 May 2002, Julian Field wrote:

> Date: Thu, 9 May 2002 10:25:38 +0100
> From: Julian Field <jkf at ECS.SOTON.AC.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Klez-G
>
> At 00:23 09/05/2002, you wrote:
> >Has anyone made any modifications to MailScanner yet to forward a copy of
> >the postmaster warning message to the postmaster in the domain of the
> >sending machine?  Or is this a bad idea to attempt?
> >
> >Just getting annoying seeing all these Klez's coming from Comcast,
> >Verizon and broadband provider domains.
>
> Oh, and another problem: what happens when the sender address is fake (like
> it is in most spam)? Then you are just going to harass completely the wrong
> person, which is a good way to get blocked by them.
>
> There is absolutely no way of guaranteeing the domain name from where the
> email message originated.
> --
> Julian Field                Teaching Systems Manager
> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> Tel. 023 8059 2817          University of Southampton
>                              Southampton SO17 1BJ
>
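
The by-hand procedure described in the message above, written out in Perl as an added example; it is not part of the original post and is not MailScanner code. It assumes sendmail-style `Received: from HELO (RDNS [IP])` lines, and the function names and the `example.*` sample headers are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the topmost Received: header with its folded continuation lines.
sub topmost_received {
    my ($headers) = @_;
    return $headers =~ /^(Received:.*(?:\n[ \t]+.*)*)/mi ? $1 : undef;
}

# Parse sendmail-style "from HELO (RDNS [IP])". HELO is sender-supplied;
# RDNS and IP are what the receiving MTA recorded for the connection.
sub parse_received {
    my ($line) = @_;
    $line =~ s/\s*\n\s+/ /g;    # unfold continuation lines
    return unless $line =~
        /^Received:\s+from\s+(\S+)\s+\((?:(\S+)\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]/i;
    return { helo => lc($1), rdns => lc($2 // ''), ip => $3 };
}

# "Last two components" rule from the post, falling back to an address literal.
# Limitation: wrong for registries such as ac.uk, where three labels are needed.
sub postmaster_for {
    my ($r) = @_;
    my @labels = split /\./, $r->{rdns};
    return 'postmaster@' . join('.', @labels[-2, -1])
        if @labels >= 2 && $labels[-1] =~ /[a-z]/;
    return 'postmaster@[' . $r->{ip} . ']';
}

# Constructed sample; the first Received line is the one quoted in the post.
my $headers = <<'EOT';
Received: from mx3out.umbc.edu (mx3out.umbc.edu [130.85.253.53])
    by mail.example.edu with ESMTP; Thu, 9 May 2002 06:52:17 -0400
Received: from pc.example.net (unknown [192.0.2.7])
    by mx3out.umbc.edu with SMTP; Thu, 9 May 2002 06:52:10 -0400
From: someone@example.com
Subject: constructed sample
EOT

my $r = parse_received(topmost_received($headers) // '')
    or die "no usable Received line\n";
printf "helo=%s rdns=%s ip=%s helo_matches_rdns=%s\n",
    @$r{qw(helo rdns ip)}, ($r->{helo} eq $r->{rdns} ? 'yes' : 'no');
print 'notify: ', postmaster_for($r), "\n";
```

Only the topmost Received line is written by the local MTA; lower ones arrive with the message and can be forged, which is the concern raised in the quoted reply.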


